Monday, February 10, 2014

If you use the Thinktecture Identity Model framework, most probably you will use the "ClaimsAuthorize" attribute for your methods in a MVC controller class. If you put a break point in your custom authorization manager, you will notice that methods that have the "ClaimsAuthorize" attribute will get called twice. One time for the default Action/Resource and the second for the custom Action/Resource that you have specified in the attribute.
The reason for this is that you have registered the "ClaimsAuthorizeAttribute" in the FilterConfig class:
and you have instrumented your controller method:
The FilterConfig setup is used when we want the WIF framework to trigger the "CheckAccess" for each and every Controller methods in our MVC project. As for the "ClaimsAuthorize" attribute, only methods that are instrumented with it will trigger the "CheckAccess", if the global filter is not set.

SharePoint Links

About Me

I have been doing software engineering stuff for the past 10 years. Started from a C++ programmer, i have moved to .NET platform many years ago. Now working as a solution architect cum software development manager in a young company.